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(54) Apparatus and methods for 

making payments electronically 



(57 ) Where simply the giving of a 
number is to be used as a payment, 
problems arise as to how the number 
can be generated securely and how It 
can be verified. A secret key held in a 
store 16 of a customers token 10 Is used 
to encrypt a number specifying goods 
and a payment to be made transmitted 
from a shopkeepers terminal 14. The 
number generated is decrypted for 
checking by the terminal 14 using a 
non-secret key supplied by a store 20 of 
the token 10 but the non-secret key 
together with coded numbers does not 
provided enough information for the 
secret key to be found and hence for 
fraudulent coding to be carried out. 



27 



2S 



D/SPIAV 



BOAMD 



2Z 

\ 



2S^ ^C- 



24^^:z^ 



26 



X 



-^5 



20 



1 



./2 



2i 



P£6 



corfP 



R£e 

zr 



43 



/7- 



^9 



£NC/^ypr 



P£G 



^8 J 



CD 

O 
M 

O) 
O 



I/I 



2102606 



28 
STOR£ 



26^ 
D/SPIAV 



BOARD 



27 

\ 

6AT£ 



2Z 

\ 



R£G 



22 



1 



D£CRyPT 



24 



1 



R£6 



26 



1 



conp 



H R£6 

zr 



/7- 



// 20 



sroR£ 



1 



/2 



2^ 

_L 



L- R£6 



^3 



£NCRyPT 



J 



1 



GB 2 102 606 A 



1 



SPECIFICATION 

Apparatus and methods for making payments elec- 
tronically 

5 

The present invention relates to devices such as 
cards or tokens containing "active" electronic cir- 
cuits, and methods of using such devices for carry- 
ing out transactions, for example payments. Usually 

1 0 the transactions are carried out "off line". 

In the most commonly used method of making 
payment by passive credit card, a shopkeeper, for 
example, fills in a slip using details from the credit 
card and the customer signs the slip. Where the 

1 5 amount is greater than a certain limit, the shop- 
keeper telephones the credit card company and 
obtains a number to write on the slip provided the 
customer has sufficient credit to cover the purchase. 
The slips are made out by shopkeepers are then pas- 

20 sed to credit card companies who arrange for pay- 
ment to the shopkeepers. Although this process 
works well, it is expensive and time consuming in 
writing out slips, and in the transmission and clear- 
ing of slips. 

25 In another less well known credit card system 
which may be active or passive the customer pre- 
pays for some service such as a train fare and the 
amount he pays is recorded on the card. Each time 
the card is used an amount, for example correspond- 

30 ing to the iare, is deducted from the total on the card 
and the card has to be either discarded or reloaded 
when the prepaid amount has been used. Although 
this system is suitable for such payments as travel 
by railway and telephone usage, where a customer 

35 deals mainly with one organisation which can issue 
cards to be used only on its system, it is of little use 
where a card is required which can be used with a 
large numberof relatively small organisations. 
Although in theory the system could be operated by 

40 transferring an amount from the customer's card to 
an electronic or magnetic record kept by the shop- 
keeper, such a system would be very susceptible to 
fraud. 

In another proposed arrangement which is quite 

45 similar to that previously described, the shopkeeper 
has an electronic cash register (ECR) which is con- 
nected "on line" to a number of banks and when the 
credit card is used, it is inserted into the ECR and an 
on line computer checks the card holder's current 

50 balance and debits it according to an amount 
entered at the ECR. At the same time the shop- 
keeper's account is increased by that amount 
Clearly this is a complex and expensive system 
which is susceptible to electronic faults. 

55 According to a first aspect of the present invention 
there is provided a method of carrying out a transac- 
tion comprising automatically coding information 
relating to the transaction using a system of the type 
hereinafter specified, decoding the coded message 

60 in order to determine what information has been 
coded, and using the coded message to enable an 
action to be carried out and/or storing the coded 
message as evidence of the transaction. 
In this specification a coding system of the type 

65 specified is a system in which a coded message can 



be decoded without such knowledge of the coding 
process which was used to produce the coded mes- 
sage, as would allow information to be coded 
according to the process. 

70 Such a system can be based on the United States 
Public Key Crypto System (PKCS). This system is 
discussed in more detail later. 

Transactions which may be carried out using the 
first aspect of the invention include many recording 

75 and/or authorization processes, for example author- 
ization for, and recording of, the removal of goods, 
the coded message being kept by the person parting 
v\nth the goods as evidence of authorization. Of 
course, transactions according to the first aspect of 

80 the invention include payments when the coded 
message is evidence of the payment and may, in 
effect, be regarded as the payment. 

According to a second aspect of the present inven- 
tion there is provided a portable token comprising 

85 means for receiving signals representing informa- 
tion concerning a transaction, means for encoding 
the signals received according to a coding system of 
the type hereinbefore specified, and means for pro- 
viding an indication of the encoded signals. 

90 Preferably the token is capable of being easily car- 
ried in one hand. 

According to a third aspect of the present inven- 
tion there is provided a terminal comprising means 
for supplying first electrical signals representative of 

95 information concerning a transaction to coding 
apparatus, means for receiving second encoded 
electrical signals representative of the first signals 
from coding apparatus, and means for decoding the 
second signals according to a coding system of the 

100 type hereinbefore specified. 

The terminal may also include means for indicat- 
ing the decoded contents of the second signals 
and/or means for checking the decoded signals 
against the first signals. 

105 The terminal may also include storage meansfor 
storing a plurality of second signals in a form which 
can be transmitted to a clearing organisation, such 
as a bank. The storage means may be magnetic tape, 
for example in a cassette, a "floppy disc", a non- 

110 volatile electrical memory, or even a volatile electri- 
cal memory where the second signals can be trans- 
mitted, for example by means of a telephone line, at 
certain times of day. 
A main advantage of the present invention can 

115 now be appreciated since when the method of the 
first aspect of the invention is used using a token 
according to the second aspect of the invention in 
conjunction with a terminal of the third aspect of the 
invention, a shopkeeper, for example, receives a 

120 number from a customer and this number may for 
instance represent the date, time and amount of a 
payment and in addition account numbers of both 
the customer and the shopkeeper. Since the number 
receh^ed by the shopkeeper is encoded according to 

125 a secret process he cannot encode further fraudulent 
numbers. On the other hand he can check that the 
number he is given represents the correct amount, 
recipient, date and time by decoding the number. 
Therefore the number given to the shopkeeper is a 

130 bankable commodity. 
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The token is usually formed by integrated circuits 
including programmable read only memory (PROM) 
which contains the encoding key, in a form which 
cannot be accessed, and an algorithm for encoding 
5 incoming signals. The encoding process is carried 
out In other circuits, which may include a microp- 
rocessor. 

The terminal also includes a small computer such 
as a microprocessor which is able to respond to a 

1 0 decoding key which may be either supplied by the 
token or by a separate credit card which could emp- 
loy either active or passive storage (such as a 
magnetic strip). There is no particular need for the 
decoding key to be kept secret since as is pointed out 

1 5 above, messages cannot be encoded using this key. 
The terminal is expected to form part of an electri- 
cal cash register. 

Tokens according to the second aspect of the 
invention or for use with terminals according to the 

20 third aspect of the invention may take many forms, 
for example they may be card shaped or key shaped. 
Tokens may be battery operated or supplied by way 
of plug-in contacts from a terminal or by way of 
Impedance coupling. to a terminat. 

25 The PKCS and Its application to this invention will 
now be discussed. The PKCS is described in "New 
Directions in Cryptography" by DifRe and Hellman, 
I.EE.E. Trans. Inform. Theory 11, 22 (November 
1976), also in "A Method for Obtaining Digital Signa- 

30 tures and Public-Key Crypto-systems", by Rivest, 
Shamir and Adlerman, Comm. Assoc. Comp. Mach. 
Vol 21, No. 2 (February 1978). 

There are two kinds of PKCS available but only 
that known as the RSA algorithm is thought, at pres- 

35 ent, to be suitable for the present Invention. The RSA 
is a number theoretic system which makes public 
two numbers R and S. If the message Is M then the 
encrypted message C Is given by: 
C = IVP (mod R) 

40 The recipient knows a decryption key which is 
another number T which has the property that M - 
C (mod R) and therefore he can decode C to obtain 
M. If R IS the product of two large primes P and Q, 
then calculation of T, given S and R, Is only possible 

45 if R can be factorised into PXQ. This is known to be 
very difficult for large numbers (especially if, P = 2P 
+ 1 where P* is also prime). An advantage of the RSA 
algorithm is Its symmetry. It does not matter 
whether S or T is used for "encryption" or "decryp- 

50 tion". 

A simple example of the system is now given 
using the "secret" numbers P = 5, Q = 1 1 and T = 7, 
the "public" numbers R = 55 and S = 3. Suppose the 
message is the number 19 (in practice for payments 
55 the number has about 50 decimal digits (as is dis- 
cussed below) and is in binary form) then 
C=19P(mod55) 
= 6859-{55x120)=39 
(55 X 120 being the nearest multiple of 55 which is 
60 less than 6859). Thus the coded message is 39. On 
decoding, 

M = 39^ (mod 55) 
which can be found by first calculating 34^ (mod 55) 
and 39P (mod 55) which equal 31 and 29 respectively 
65 and then finding 31x29 (mod 55). 



That is 34 X 29 (mod 55) = 899 - 880 = 19. 

An embodiment of the invention will now be 
described, by way of example, with reference to the 
accompanying drawing which is a block diagram of 
70 a customer's token and a shopkeeper's terminal 
according to the invention. 

In the Rgure a token 10, which may be in the form 
of a slim card, contains a number of integrated cir- 
cuits and is connected by way of plugnn contacts 1 1, 
75 1 2 and 1 3 to a terminal 14 which Is part of an ECR 
only some parts of which relevant to the present 
Invention are described here. The card 10 receives 
power by means of plug-in connections from the 
ECR but these power circuits are not shown in the 
80 Figure. The card is also synchronised to the terminal 
by means of connections and circuits which are not 
shown. 

When a customer makes a purchase the shop- 
keeper enters details of the transaction into his ECR 
85 by means of a keyboard 15. These details, which 
include the amount of the transaction and the date 
and time of the transaction, are passed to a display 
25 of the terminal 
If the customer agrees with the figures displayed, 
90 he inserts his card 10 into the terminal 14, inftiating 
the operations now described. 

The information entered on the keyboard 15 is 
held in a register 17 together with a number iden- 
tifying the shop. This information is transferred to a 
95 register 18 in the token 1 0 which also receives a 
number from a store 1 6 Identifying the customer, for 
example the number of his bank plus his account 
number. Thus the store 18 now holds all details of 
the transaction and these are passed to a PKCS 

1 00 encryption circuit 19 which also receives the encryp- 
tion key from the store 16. 

The encrypted message is then passed to a regis- 
ter 21 and thence to a register 22 in the terminal 14. 
The contents of the register 22 are applied to a PKCS 

1 05 decryption circuit 23 which receives the decryption 
key from a store 20 in the token 1 0. Circuits 1 9 and 23 
may be in the form of microprocessor integrated cir- 
cuits programmed according to the above men- 
tioned paper by Rivest, Shamir and Adlerman. The 

1 1 0 decoded message thus arrives in a register 24 where 
it is used to drive the display 25. Since this display Is 
available to both customer and shopkeeper, both 
can check that the number supplied from the register 
21 to the register 22 contains correct information 

1 1 5 concerning the transaction. The display 25 may 
include a small printer which provides a permanent 
record for the customer and also, if required, forthe 
shopkeeper. 
The display may also include a character which 

1 20 indicates whether the message as sent from the ECR 
to the token 10 is the same (except forthe cus- 
tomer's number which was added in the register 18) 
as that obtained after decryption in the register 24. 
For this purpose a comparator 26 is provided and if 

125 the comparison is correct an enabling signal is 
applied to a gate 27, However a further enabling 
signal from the keyboard 15 is required which Is 
supplied when the shopkeeper is satisfied that the 
details displayed are correct. The gate 27 then opens 

130 and the coded number held by the register 22 is pas- 
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sed to an electrical store 28. 

After a number of such transactions the store 28 
contains encoded numbers which represent pay- 
ments. These numbers may be, as mentioned above, 
5 held on magnetic tape so that they can be taken to a 
bank at the end of the day or at the end of a week. 
Other ways of storing and transmitting the numbers 
have already been mentioned. 
In a typical token and terminal system the mes- 
1 0 sage which is coded and then stored in the store 28 
may be made up as follows : — 

Amount (£ or $) 5 decimal digits 

Date 6 decimal digits 

Time 4 decimal digits 

15 Customer's Bank 8 decimal digits 

Account number 8 decimal digits 

Shop 12 decimal digits 

This gives a total of 43 decimal digits and by provid- 
ing 50 such digits a few spare digits are available for 
20 further information. 

The stores 1 6 and 20 may conveniently be PROMs 
but steps must be taken to ensure that the encoding 
key from the store 16 cannot be accessed from out- 
side the token 10 without destroying the token. For 
25 some types of transaction it may be considered pref- 
erable to employ a second token or credit card 
instead of the store 20, which may be kept in a differ- 
ent place from the token 10 to give details of the 
decryption key for the circuit 23 in the terminal. 
30 Details relating to the owner of the token 1 0 may also 
be held on this second card instead of in the store 16. 
Such a card may simply include a magnetic strip 
with these details and printing giving the owner's 
name, address and, for example, bank. 
35 Manyofthe circuits shown in the token lOandthe 
terminal 14 may be replaced by respective microp- 
rocessors. 

It will be apparent that the invention may be put 
into effect in many other ways that specifically 
40 described above. In particular other encryption sys- 
tems may prove suitable and other layouts of both 
token and terminal are possible using similar or dif- 
ferent integrated circuits. 
CLAIMS 

45 1 . A method of carrying out a transaction, com- 
prising automatically coding information relating to 
thetransaction using a system of the type hereinbe- 
fore specified, decoding the coded message in order 
to determine what information has been coded, and 

50 using the coded message to enable an action to be 
carried out and/or storing the coded message as evi- 
dence of the transaction. 

2. A portable token comprising means for receiv- 
ing signals representing information concerning a 

55 transaction, means for encoding the signals received 
according to a coding system of the type hereinbe- 
fore specified, and meansfor providing an indication 
of the encoded signals. 

3. A token according to Claim 2 which is capable 
60 of being easily carried in one hand. 

4. Atoken according to Claim 2 or3 including 
first and second storage means containing an encod- 
ing key and a decoding key, respectively, the first 
storage means being coupled to the means for 

65 encoding, and the second storage means having 



coupling means for passing the decoding key to a 
terminal which is to be used in conjunction with the 
token. 

5. A terminal comprising means for supplying 
70 first electrical signals representative of information 

concerning a transaction to coding apparatus, 
means for receiving second encoded electrical sign- 
als representative of the first signals from coding 
apparatus, and means for decoding the second sign- 
75 als according to a coding system of the type 
hereinbefore specified. 

6. A terminal according to Claim 5 including 
meansfor indicating the decoded contents of the 
second signals and/or means for checking the 

80 decoded second signals against the first signals. 

7. Aterminal according to Claim 5 or 6 including 
storage means for storing a plurality of the second 
signals in a form which allows the stored signals to 
be transmitted later, when required. 

85 8. A method, token or terminal according to any 
preceding claim wherein coding and decoding are 
according to the RSA alogorithm of the United 
States Public Key Crypto System. 

9. A method of carrying out a transaction as 
90 hereinbefore described. 

10. A portable token as hereinbefore described 
with reference to and as shown in the accompanying 
drawing. 

1 1. Aterminal as hereinbefore described with 
95 reference to and as shown in the accompanying 

drawing. 
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